HPE Community
Operating System - HP-UX
1833758 Members
3194 Online
110063 Solutions
New Discussion

Security RED FLAG For root .profile?

 
SOLVED
Go to solution
joe_91
Super Advisor

‎11-30-2004 02:20 AM

‎11-30-2004 02:20 AM

Security RED FLAG For root .profile?

Team:

The security software shows RED FLAG for root's .profile. The permission is 400 for .profile with owner as root:sys. here is the error after running the report
/.profile daemon: : GID is sys, expected daemon
/.profile hpdb:ALLBASE: GID is sys, expected other
/.profile www: : GID is sys, expected other

I am not sure how to correct it? Any ideas?

Thanks

Joe.
0 Kudos
Reply
8 REPLIES 8
Fred Ruffet
Honored Contributor

‎11-30-2004 02:30 AM

‎11-30-2004 02:30 AM

Re: Security RED FLAG For root .profile?

I don't know why it is said to be related to .profile, but what is displayed is default groups for those users, and they seem not to be correct. You should correct this with this commands :
usermod -g daemon daemon
usermod -g other hpdb
usermod -g other www

This should correct the problem.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎11-30-2004 02:32 AM

‎11-30-2004 02:32 AM

Re: Security RED FLAG For root .profile?

I am not sure how to interpret your report, but you can report on the group id using the following:
# id daemon
# id hpdb
# id www

For example:
# id www
uid=30(www) gid=1(other)

The gid is stored in the /etc/passwd file.
www:*:30:1::/:
"Downtime is a Crime."
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎11-30-2004 02:54 AM

‎11-30-2004 02:54 AM

Re: Security RED FLAG For root .profile?

I honestly wouldn't worry about it much.

It is flagging the /.profile because the home directory for each of those users is /, thus it will use the same .profile as the root user, whose home dir is also / by default. The default for root's .profile is owner=root and group=sys, thus you're getting the GID is sys for /.profile.

None of those users should be able to login and you normally don't even su to them, at least I never have, so the .profile should never even be used.

I guess you could try setting up a separate home directory for each of those users /hpdb, /daemon, /www and give them their own profile with the expected permissions. I don't think that would effect anything else. It'd just be non-standard.
0 Kudos
Reply
joe_91
Super Advisor

‎11-30-2004 03:04 AM

‎11-30-2004 03:04 AM

Re: Security RED FLAG For root .profile?

I am not able to usermod 'coz it says Cannot modify user 'hpdb': Home directory '/' is shared

Joe
0 Kudos
Reply
joe_91
Super Advisor

‎11-30-2004 03:16 AM

‎11-30-2004 03:16 AM

Re: Security RED FLAG For root .profile?

how to add the home direcory for these users?

joe
0 Kudos
Reply
joe_91
Super Advisor

‎11-30-2004 03:24 AM

‎11-30-2004 03:24 AM

Re: Security RED FLAG For root .profile?

ok super. i added /daemon as the home dir and same way for others and the red is gone. will this have any other impacts?

Joe
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎11-30-2004 03:29 AM

‎11-30-2004 03:29 AM

Solution

Re: Security RED FLAG For root .profile?

I don't think it will impact anything, but I'm not 100% sure. I've never tried it.
Reply
Fred Ruffet
Honored Contributor

‎11-30-2004 03:41 AM

‎11-30-2004 03:41 AM

Re: Security RED FLAG For root .profile?

On my ref system, those user are affected to / as home. It shouldn't be a problem as long as they never log in... But we never know.
Better replace everything as said. If you can't use usermod, use sam, or, at least vi (oh ! what a bad advice !). If using vi, make sure to copy file before.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.